Safeguarding Your Password
This information first appeared in MichNet News, Volume 11, No. 1.
It is based on copyrighted material (1995) by David G. Beausang, Colorado School
of Mines.
After you have created a good password, how can you improve the odds of remembering
it?
- Use your new password immediately: change your password and then logout
and log back in.
- After ten minutes (about the length of short term memory) use your new password
again: logout and log back in.
- Don't change your password Friday afternoon just before leaving for the
weekend.
- Try to commit your password to memory.
- If you absolutely need to write down your password, make sure that anyone
seeing it or finding it cannot determine what it is: make sure that it is
unrecognizable and cannot be associated with your account/user name. This
is the same principle that applies to the pin number for your credit or bank
card—and it can be even more costly.
How often do you need to change your password?
The effective half-life of your password depends on its exposure. Piano players
can read your keystrokes if they can see your hands.
- Did you write down your password? (If you had to write it down, the fact
it was a necessity does not lower the resultant risk).
- Was it accidentally displayed on the screen?
- Did you login from the hospitality suite at the conference?
- Do you have a nagging feeling you should change it?
- Is it a good, strong password? It is better to have a good password for
months than a bad password for days.
It may seem that you don't have much, if anything, to lose if your password
is guessed and your account broken into, but that's not true: you can lose your
good name and your reputation. Obscene, racist, threatening e-mail from your
account, with your name attached, sent to your friends, family, peers, strangers,
and world wide news groups, can be as difficult to overcome and correct as a
public scandal.
Also see:
Categories of Bad Passwords
Methods for Generating Good Passwords
Requirements for a WSU AccessID Password
